zlib - Debian Package Tracker

general

source: zlib (main)
version: 1:1.3.dfsg+really1.3.1-3
maintainer: Mark Brown (DMD)
arch: any
std-ver: 4.6.1
VCS: unknown

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1:1.2.11.dfsg-2+deb11u2
o-o-sec: 1:1.2.11.dfsg-2+deb11u2
oldstable: 1:1.2.13.dfsg-1
stable: 1:1.3.dfsg+really1.3.1-1
testing: 1:1.3.dfsg+really1.3.1-3
unstable: 1:1.3.dfsg+really1.3.1-3

versioned links

1:1.2.11.dfsg-2+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.2.13.dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.3.dfsg+really1.3.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.3.dfsg+really1.3.1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

lib32z1
lib32z1-dev
lib64z1
lib64z1-dev
libminizip-dev
libminizip1t64
libn32z1
libn32z1-dev
minizip (4 bugs: 0, 1, 3, 0)
zlib1g (5 bugs: 0, 2, 3, 0)
zlib1g-dev (4 bugs: 0, 1, 3, 0)
zlib1g-udeb

action needed

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2026-27171: zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

Created: 2026-02-18 Last update: 2026-02-21 00:00

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2026-27171: zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

Created: 2026-02-18 Last update: 2026-02-21 00:00

lintian reports 2 errors and 3 warnings high

Lintian reports 2 errors and 3 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2026-02-01 Last update: 2026-02-01 03:02

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2025-01-06 Last update: 2026-03-01 13:00

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2026-27171: (needs triaging) zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-02-18 Last update: 2026-02-21 00:00

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

1 issue left for the package maintainer to handle:

CVE-2026-27171: (needs triaging) zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

You can find information about how to handle this issue in the security team's documentation.

1 ignored issue:

CVE-2023-45853: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.

Created: 2023-12-09 Last update: 2026-02-21 00:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.3 instead of 4.6.1).

Created: 2022-12-17 Last update: 2026-02-17 00:19

testing migrations

This package is part of the ongoing testing transition known as s390-31-bit-rm. Please avoid uploads unrelated to this transition, they would likely delay it and require supplementary work from the release managers. On the other hand, if your package has problems preventing it to migrate to testing, please fix them as soon as possible. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2026-02-21] zlib 1:1.3.dfsg+really1.3.1-3 MIGRATED to testing (Debian testing watch)
[2026-02-16] Accepted zlib 1:1.3.dfsg+really1.3.1-3 (source) into unstable (Mark Brown)
[2026-01-31] Accepted zlib 1:1.3.dfsg+really1.3.1-2 (source) into unstable (Mark Brown)
[2024-05-20] zlib 1:1.3.dfsg+really1.3.1-1 MIGRATED to testing (Debian testing watch)
[2024-05-10] Accepted zlib 1:1.3.dfsg+really1.3.1-1 (source) into unstable (Mark Brown)
[2024-04-27] zlib 1:1.3.dfsg-3.1 MIGRATED to testing (Debian testing watch)
[2024-03-01] Accepted zlib 1:1.3.dfsg-3.1 (source) into unstable (Benjamin Drung)
[2024-02-05] Accepted zlib 1:1.3.dfsg-3.1~exp1 (source) into experimental (Steve Langasek)
[2023-12-23] zlib 1:1.3.dfsg-3 MIGRATED to testing (Debian testing watch)
[2023-12-22] zlib 1:1.3.dfsg-3 MIGRATED to testing (Debian testing watch)
[2023-11-23] Accepted zlib 1:1.3.dfsg-3 (source) into unstable (Mark Brown)
[2023-11-17] Accepted zlib 1:1.3.dfsg-2 (source) into unstable (Mark Brown)
[2023-11-17] Accepted zlib 1:1.3.dfsg-1 (source) into unstable (Mark Brown)
[2023-08-24] zlib 1:1.2.13.dfsg-3 MIGRATED to testing (Debian testing watch)
[2023-08-15] Accepted zlib 1:1.2.13.dfsg-3 (source) into unstable (Mark Brown)
[2023-08-14] Accepted zlib 1:1.2.13.dfsg-2 (source) into unstable (Mark Brown)
[2022-12-12] zlib 1:1.2.13.dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-11-05] Accepted zlib 1:1.2.13.dfsg-1 (source) into unstable (Mark Brown)
[2022-09-12] Accepted zlib 1:1.2.11.dfsg-1+deb10u2 (source) into oldstable (Emilio Pozuelo Monfort)
[2022-08-26] Accepted zlib 1:1.2.11.dfsg-2+deb11u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2022-08-25] Accepted zlib 1:1.2.11.dfsg-2+deb11u2 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2022-08-23] zlib 1:1.2.11.dfsg-4.1 MIGRATED to testing (Debian testing watch)
[2022-08-17] Accepted zlib 1:1.2.11.dfsg-4.1 (source) into unstable (Salvatore Bonaccorso)
[2022-04-17] Accepted zlib 1:1.2.11.dfsg-1+deb10u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2022-04-17] Accepted zlib 1:1.2.11.dfsg-2+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2022-04-02] Accepted zlib 1:1.2.8.dfsg-5+deb9u1 (source) into oldoldstable (Anton Gladky)
[2022-04-01] Accepted zlib 1:1.2.11.dfsg-2+deb11u1 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2022-04-01] Accepted zlib 1:1.2.11.dfsg-1+deb10u1 (source) into oldstable->embargoed, oldstable (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2022-03-31] zlib 1:1.2.11.dfsg-4 MIGRATED to testing (Debian testing watch)
[2022-03-26] Accepted zlib 1:1.2.11.dfsg-4 (source) into unstable (Mark Brown)

bugs [bug history graph]

all: 20 21
RC: 0
I&N: 9
M&W: 11 12
F&P: 0
patch: 2

links

homepage
lintian (2, 3)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:1.3.dfsg+really1.3.1-1ubuntu3
26 bugs (2 patches)
patches for 1:1.3.dfsg+really1.3.1-1ubuntu3